Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Data processing apparatus security

Active Publication Date: 2006-08-17
ARM LTD
View PDF11 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

[0008] By determining whether the non-secure data access request is not associated with the region of secure data, it is possible to ensure that no non-secure data accesses occur for address values within a secure region. Such an approach reduces the risk that a non-secure data access can be performed to access a secure data value having an address value falling within the secure region.
[0011] Preventing the data access from completing until it is confirmed that the non-secure data access is associated with a non-secure data value further helps to ensure that non-secure data accesses can not be used to access secure data values.
[0013] Preventing the processor from receiving a response for the access until it is confirmed that the non-secure data access is associated with a non-secure data value further helps to ensure that non-secure data accesses can not be used to access secure data values.
[0037] According to a further aspect, the present invention provides a method of accessing data values in data processing apparatus, each data value being associated with a respective address value, the data processing apparatus comprising a processor operable to process an instruction which causes a data access request, a main memory operable to store data values, the main memory having a region of secure data values and a cache operable to store previously accessed data values, the method comprising the steps of: receiving a data access request from the processor requesting a data value be accessed in the cache, the data access request having an address value and a security attribute associated therewith; in the event that the security attribute indicates a non-secure data access request, determining whether the non-secure data access request is associated with the region of secure data values by interrogating a data region allocation table; and in the event that the data region allocation table provides an indication that the address value is not associated with the secure data region, enabling the data access request to complete.

Problems solved by technology

However, the present invention recognises that a problem with such an approach is that it may be possible, either through unexpected behaviour of the data processing system or through deliberate or malicious coding, to circumvent any security safeguards provided and access secure data stored in the level two cache using a non-secure data transaction.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data processing apparatus security
  • Data processing apparatus security
  • Data processing apparatus security

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0049]FIG. 1 illustrates a data processing system according to an embodiment. The data processing system, generally 10, comprises a level 1 processor core 20. Coupled with the level 1 processor core 20 is a level 2 memory 30 having a cache 35 and a level three memory 40.

[0050] The level 1 processor core 20 is operable to execute a sequence of instructions that are applied to data values supplied to the processor core 20. Instructions and data to be processed by the processor core 20 are stored in the level three memory 40. Hereafter, the term data value will be used to refer to both instructions and data.

[0051] The level 2 memory 30 includes the cache 35 arranged to store data values so that they are subsequently readily accessible by the processor core 20 using a reduced number of access cycles when compared to an equivalent access to the level three memory 40. The cache 35 stores a data value associated with a memory address until it is overwritten by a data value for a new memo...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A data processing apparatus operable to access data values, each data value being associated with a respective address value is disclosed. The data processing apparatus comprises: a processor operable to process an instruction which causes a data access request; a main memory operable to store data values, said main memory having a region of secure data values; a cache operable to store previously accessed data values; and cache interface logic comprising: data transaction logic operable to receive a data access request from said processor requesting a data value be accessed in said cache, said data access request having an address value and a security attribute associated therewith; and security determination logic operable, in the event that said security attribute indicates a non-secure data access request, to determine whether said non-secure data access request is associated with said region of secure data values by interrogating a data region allocation table and, in the event that said data region allocation table provides an indication that said address value is not associated with said secure data region, to enable said data access request to complete. By determining whether the non-secure data access request is not associated with the region of secure data, it is possible to ensure that no non-secure data accesses occur for address values within a secure region.

Description

FIELD OF THE INVENTION [0001] The present invention relates to data processing apparatus security. Embodiments of the present invention relate to a data processing apparatus operable to perform a data access dependent on security attributes associated with that data access. BACKGROUND OF THE INVENTION [0002] It is becoming increasingly important in data processing systems to provide techniques for handling secure and non-secure data. Such techniques often seek to restrict the circumstances under which secure data may be accessed and manipulated. However, whilst many safeguards often exist to protect the integrity of secure data, weaknesses in the techniques employed may invariably still exist which may circumvent the safeguards provided and may compromise the integrity of secure data. [0003] Accordingly, it is desired to provide a technique which assists in maintaining the integrity of secure data. SUMMARY OF INVENTION [0004] The present invention recognises that even when operating...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F12/14
CPCG06F12/0897G06F12/1425
Inventor VARMA, RAHOUL KUMARWICKS, MARC RICHARDDUNCAN, GARETHMCHALE, DAVID FRANCISLIVESLEY, MIKE
Owner ARM LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com